Impact
Insufficient validation of untrusted input within the WebNN API on Windows enables a remote attacker who has already compromised the renderer process to craft a malicious HTML page that may trigger a sandbox escape. The vulnerability is linked to input bounds errors (CWE-20) and improper type conversion handling (CWE-1286). While the NVD rating describes the severity as Medium, the CVSS score of 9.6 indicates a critical level of risk, as successful exploitation could lead to privilege escalation and compromise of confidentiality, integrity, or availability. Affected systems are Google Chrome browsers running on Windows, specifically versions older than 149.0.7827.53. The issue exists in the stable channel prior to that release and is therefore relevant to users of those versions. The CVSS score signals a high severity, but the EPSS score of less than 1% points to a very low but nonzero exploitation probability. The lack of a KEV listing suggests no known active exploitation campaigns. In practice, exploitation requires that an attacker first breach the renderer process, after which the crafted HTML can attempt to escape the browser sandbox. The risk is contingent on both an initial renderer compromise and the effectiveness of the browser's sandbox mechanism.
Affected Systems
Google Chrome browsers on Windows, versions older than 149.0.7827.53.
Risk and Exploitability
The CVSS score of 9.6 confirms a high severity impact, yet the EPSS value indicates that exploitation is unlikely at present. The vulnerability can be exploited by delivering a malformed HTML page to a compromised renderer process, which may then execute code outside the sandbox. The lack of a KEV listing and very low EPSS suggest that, while the theoretical impact is severe, real‑world exploitation is currently constrained by the need for prior renderer compromise and the robustness of Chrome’s sandbox controls.
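For a defender, the practical question is which Windows hosts still run a Chrome build older than 149.0.7827.53. The following is an added example, not part of the advisory or any Google/OpenCVE tooling: it parses dotted Chrome version strings numerically (a plain string comparison would wrongly rank "149.0.7827.9" above "149.0.7827.53"), rejects malformed input instead of guessing, and limits the "affected" verdict to Windows because the advisory names only that platform. The inventory records and host names are constructed sample data.

```python
"""Triage a software inventory against the Chrome fix build named in the advisory.

Added example code; not from the advisory. The inventory below is constructed.
"""
import re
from typing import Dict, Optional, Tuple

# First stable build carrying the fix, as stated in the advisory.
FIXED_VERSION = "149.0.7827.53"

# Chrome versions are exactly four ASCII decimal fields; anything else is rejected
# rather than partially interpreted, so a bad inventory record cannot be mistaken
# for a patched or unaffected host.
_VERSION_RE = re.compile(r"\d+\.\d+\.\d+\.\d+", re.ASCII)


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, build, patch) as ints, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    major, minor, build, patch = (int(p) for p in text.split("."))
    return (major, minor, build, patch)


def is_affected(version: str) -> Optional[bool]:
    """True if version is older than the fixed build, False if fixed or newer,
    None if the version string cannot be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    fixed = parse_version(FIXED_VERSION)
    assert fixed is not None  # constant is well-formed
    return parsed < fixed  # tuple comparison is field-by-field numeric


def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Map host -> verdict for records of the form host: (platform, version).

    Verdicts: 'affected', 'patched', 'not-in-scope' (non-Windows, since the
    advisory only names Windows), 'unparseable'.
    """
    verdicts: Dict[str, str] = {}
    for host, (platform, version) in inventory.items():
        if platform.lower() != "windows":
            verdicts[host] = "not-in-scope"
            continue
        state = is_affected(version)
        if state is None:
            verdicts[host] = "unparseable"
        elif state:
            verdicts[host] = "affected"
        else:
            verdicts[host] = "patched"
    return verdicts


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY: Dict[str, Tuple[str, str]] = {
    "ws-finance-01": ("Windows", "148.0.7790.120"),   # older major: affected
    "ws-finance-02": ("Windows", "149.0.7827.9"),     # same build, lower patch: affected
    "ws-finance-03": ("Windows", "149.0.7827.53"),    # exactly the fix: patched
    "ws-eng-07":     ("Windows", "150.0.7901.10"),    # newer: patched
    "mac-design-04": ("macOS",   "148.0.7790.120"),   # advisory names Windows only
    "ws-kiosk-09":   ("Windows", "unknown"),          # bad record: flagged, not ignored
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {verdict}")
```

Hosts reported as "unparseable" deserve a follow-up rather than being treated as clean; a missing or malformed version in an inventory is itself a finding.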